Module Name: src
Committed By: kamil
Date: Tue May 29 23:34:18 UTC 2018
Modified Files:
src/sys/kern: sys_ptrace_common.c
Log Message:
Harden PT_ATTACH in ptrace(2)
Don't allow to PT_ATTACH from a vfork(2)ed child (before exec(3)/_exit(3))
to its parent. Return error with EPERM errno.
This scenario does not have a purpose and there is no clear picture how to
route signals.
Sponsored by <The NetBSD Foundation>
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/sys/kern/sys_ptrace_common.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/sys_ptrace_common.c
diff -u src/sys/kern/sys_ptrace_common.c:1.42 src/sys/kern/sys_ptrace_common.c:1.43
--- src/sys/kern/sys_ptrace_common.c:1.42 Sun May 20 04:00:35 2018
+++ src/sys/kern/sys_ptrace_common.c Tue May 29 23:34:18 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_ptrace_common.c,v 1.42 2018/05/20 04:00:35 kamil Exp $ */
+/* $NetBSD: sys_ptrace_common.c,v 1.43 2018/05/29 23:34:18 kamil Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.42 2018/05/20 04:00:35 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.43 2018/05/29 23:34:18 kamil Exp $");
#ifdef _KERNEL_OPT
#include "opt_ptrace.h"
@@ -419,13 +419,19 @@ ptrace_allowed(struct lwp *l, int req, s
return EPERM;
/*
- * (4) it's already being traced, or
+ * (4) it's already being traced,
*/
if (ISSET(t->p_slflag, PSL_TRACED))
return EBUSY;
/*
- * (5) the tracer is chrooted, and its root directory is
+ * (5) it's a vfork(2)ed parent of the current process, or
+ */
+ if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t)
+ return EPERM;
+
+ /*
+ * (6) the tracer is chrooted, and its root directory is
* not at or above the root directory of the tracee
*/
mutex_exit(t->p_lock); /* XXXSMP */
